{"affected":[{"ecosystem_specific":{"binaries":[{"libpoppler-glib8":"0.43.0-16.15.1","libpoppler-qt4-4":"0.43.0-16.15.1","libpoppler60":"0.43.0-16.15.1","poppler-tools":"0.43.0-16.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.43.0-16.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler-glib8":"0.43.0-16.15.1","libpoppler-qt4-4":"0.43.0-16.15.1","libpoppler60":"0.43.0-16.15.1","poppler-tools":"0.43.0-16.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP3","name":"poppler-qt","purl":"pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.43.0-16.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler-cpp0":"0.43.0-16.15.1","libpoppler-devel":"0.43.0-16.15.1","libpoppler-glib-devel":"0.43.0-16.15.1","libpoppler-qt4-devel":"0.43.0-16.15.1","typelib-1_0-Poppler-0_18":"0.43.0-16.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.43.0-16.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler-cpp0":"0.43.0-16.15.1","libpoppler-devel":"0.43.0-16.15.1","libpoppler-glib-devel":"0.43.0-16.15.1","libpoppler-qt4-devel":"0.43.0-16.15.1","typelib-1_0-Poppler-0_18":"0.43.0-16.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"poppler-qt","purl":"pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.43.0-16.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler-glib8":"0.43.0-16.15.1","libpoppler-qt4-4":"0.43.0-16.15.1","libpoppler60":"0.43.0-16.15.1","poppler-tools":"0.43.0-16.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.43.0-16.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler-glib8":"0.43.0-16.15.1","libpoppler-qt4-4":"0.43.0-16.15.1","libpoppler60":"0.43.0-16.15.1","poppler-tools":"0.43.0-16.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"poppler-qt","purl":"pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.43.0-16.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler-glib8":"0.43.0-16.15.1","libpoppler-qt4-4":"0.43.0-16.15.1","libpoppler60":"0.43.0-16.15.1","poppler-tools":"0.43.0-16.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.43.0-16.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler-glib8":"0.43.0-16.15.1","libpoppler-qt4-4":"0.43.0-16.15.1","libpoppler60":"0.43.0-16.15.1","poppler-tools":"0.43.0-16.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"poppler-qt","purl":"pkg:rpm/suse/poppler-qt&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.43.0-16.15.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for poppler fixes the following issues:\n\nThese security issues were fixed:\n\n- CVE-2017-14517: Prevent NULL Pointer dereference in the XRef::parseEntry()\n  function via a crafted PDF document (bsc#1059066).\n- CVE-2017-9865: Fixed a stack-based buffer overflow vulnerability\n  in GfxState.cc that would have allowed attackers to facilitate\n  a denial-of-service attack via specially crafted PDF\n  documents. (bsc#1045939)\n- CVE-2017-14518: Remedy a floating point exception in\n  isImageInterpolationRequired() that could have been exploited using a\n  specially crafted PDF document. (bsc#1059101)\n- CVE-2017-14520: Remedy a floating point exception in\n  Splash::scaleImageYuXd() that could have been exploited using a specially\n  crafted PDF document. (bsc#1059155)\n- CVE-2017-14617: Fixed a floating point exception in Stream.cc,\n  which may lead to a potential attack when handling malicious PDF\n  files. (bsc#1060220)\n- CVE-2017-14928: Fixed a NULL Pointer dereference in\n  AnnotRichMedia::Configuration::Configuration() in Annot.cc, which may\n  lead to a potential attack when handling malicious PDF\n  files. (bsc#1061092)\n- CVE-2017-14975: Fixed a NULL pointer dereference vulnerability,\n  that existed because a data structure in FoFiType1C.cc was not\n  initialized, which allowed an attacker to launch a denial of service\n  attack. (bsc#1061263)\n- CVE-2017-14976: Fixed a heap-based buffer over-read vulnerability in\n  FoFiType1C.cc that occurred when an out-of-bounds font dictionary index\n  was encountered, which allowed an attacker to launch a denial of service\n  attack. (bsc#1061264)\n- CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the\n  FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred\n  due to lack of validation of a table pointer, which allows an attacker\n  to launch a denial of service attack. (bsc#1061265)\n- CVE-2017-15565: Prevent NULL Pointer dereference in the\n  GfxImageColorMap::getGrayLine() function via a crafted PDF document\n  (bsc#1064593).\n- CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent\n  overflows in subsequent calculations (bsc#1074453).\n","id":"SUSE-SU-2018:1662-1","modified":"2018-06-12T13:45:38Z","published":"2018-06-12T13:45:38Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1045939"},{"type":"REPORT","url":"https://bugzilla.suse.com/1059066"},{"type":"REPORT","url":"https://bugzilla.suse.com/1059101"},{"type":"REPORT","url":"https://bugzilla.suse.com/1059155"},{"type":"REPORT","url":"https://bugzilla.suse.com/1060220"},{"type":"REPORT","url":"https://bugzilla.suse.com/1061092"},{"type":"REPORT","url":"https://bugzilla.suse.com/1061263"},{"type":"REPORT","url":"https://bugzilla.suse.com/1061264"},{"type":"REPORT","url":"https://bugzilla.suse.com/1061265"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064593"},{"type":"REPORT","url":"https://bugzilla.suse.com/1074453"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-1000456"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14517"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14518"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14520"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14617"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14928"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14975"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14976"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14977"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15565"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9865"}],"related":["CVE-2017-1000456","CVE-2017-14517","CVE-2017-14518","CVE-2017-14520","CVE-2017-14617","CVE-2017-14928","CVE-2017-14975","CVE-2017-14976","CVE-2017-14977","CVE-2017-15565","CVE-2017-9865"],"summary":"Security update for poppler","upstream":["CVE-2017-1000456","CVE-2017-14517","CVE-2017-14518","CVE-2017-14520","CVE-2017-14617","CVE-2017-14928","CVE-2017-14975","CVE-2017-14976","CVE-2017-14977","CVE-2017-15565","CVE-2017-9865"]}